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(54) Authentication method by means of a storing device 



(57) A user authentication method performed by a 

computer (FS) by means of a device (6) for storing data 
derived from a smart card (4) though cryptographic op- 
erations, in said smart card (4) being stored a digital cer- 
tificate (CDcie) » s private key (PrKcie) and the public key 



(PbKciE) corresponding to said private key (PrKojE); 
since said storing device (6) is univocally bound to said 
smart card (4), it can be used in an apparatus (1 0) able 
to communicate with said computer (FS) of a service 
provider, in order to authenticate the user of the storing 
device (6). 
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Description 

[0001] The object of the present invention is an au- 
thentication method by means of a storage device. 
[0002] Electronic devices for storing information, like 5 
for instance magnetic and optical disks, microproces- 
sors and so on, are in use since a lot of time. 
[0003] Among said devices are also included cards 
for storing information. Said cards are used for different 
purposes: phone cards, credit cards or bank cards in 
general, cards for surveying the presence at the place 
of work and so on. 

[0004] Said cards have been flanked by the so called 
smart cards that, besides storing information, also con- 
tain a unit (chip) able to process information. is 
[0005] In the case of the smart cards, new applica- 
tions allowing a more active role of the cards are coming 
forward in order to exploit fully the capability of their 
processing devices. 

[0006] On the card is stored information relative to the 20 
authorisations provided for the holder who will be able 
to obtain or not certain services at the end of an authen- 
tication procedure managed by service administration 
bodies (server). 

[0007] The user authentication consists in guarantee- 25 
ing to the service provider that the user is effectively that 
who Is declaring to be. The authentication procedure is 
an essential element for providing remote services be- 
cause the service provider does not have the possibility 
to verify personally the identity of whom is asking to ob- 30 
tain a certain service. 

[0008] The use of the smart cards is diffusing rapidly 
also for services concerning the everyday's life, for in- 
stance the services provided by the public administra- 
tion, and in the next future the use of a card and of a 35 
communication network will be indispensable for obtain- 
ing a big part of said services. 

[0009] The use of the electronic identity card, that will 
replace in the next future the traditional paper identity 
card, is to be considered in this perspective. The elec- 4o 
tronic identity card will contain personal information both 
visibly printed on the card itself, like for instance the 
name, the surname, the place and the date of birth, and 
stored in digital form. Secret information will be also 
stored on the card as well, that is to say information ac- ^5 
cessible only to the electronic identity card's holder by 
means of a personal secret code or PIN (Personal Iden- 
tification Number). 

[001 0] Since the electronic identity card must consent 
to identify its holder in a safe way, telematically as well, so 
in order to allow the provision of diversified and always 
newer services as said services are conceived and 
made ready by the administrations, the card will be gen- 
erally provided with a microprocessor allowing said 
functionalities, thereby guaranteeing, at a logical level, ss 
the identity of the card's holder in the telematic transac- 
tions during which the parties can not "see" each other. 
[0011] Besides, the diffusion of said cards will make 
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necessary to dispose of card readers at low cost and of 
simple use. 

[0012] An electronic identity card reader will be pro- 
vided for instance at the public administration bodies ap- 
pointed for delivering the services. 
[0013] Other readers will be installed at a certain 
number of peripheral offices, but, in any case. It is hardly 
imaginable that in the next future each user will be pro- 
vided by the public administration with an electronic 
identity card reader that, in any case, must be connected 
at least with a computer and with a modem. Obviously, 
this fact constitutes a limit to the diffusion of the elec- 
tronic identity card. 

[0014] For making the use of the electronic identity 
card more advantageous, it would be desirable that the 
user could use the card by means of a tool more diffused 
than a special-purpose reader. 

[0015] Besides, it would be desirable that the user 
could use the card also for purposes different from those 
connected with the public administration services, for in- 
stance for obtaining services delivered by service pro- 
viders, like banks and shops of every kind, in order to 
give life to electronic commerce transactions. 
[0016] In other words, the success of the electronic 
identity card, for the realisation of which the govern- 
ments of various countries are investing considerable 
economic funds, will benefit from the fact that the user 
of the electronic identity card could use his/her electron- 
ic identity card or an equivalent of it, for instance for car- 
rying out a banking operation without going to a bank or 
for buying a good without going to a shop. 
[0017] Yet it is clear that it is necessary to find a means 
allowing to the citizen holding an electronic identity card, 
that, as far as Italy is concerned, will be distributed to 
each citizen by the end of 2004, to carry out operations 
with the sen/ice providers safely, easily, economically 
and without going in person to the service provider. 
[0018] The present invention identifies the mobile 
phone, by this time largely diffused among all the layers 
of the population, as the means able to consent to the 
electronic identity card's holder to use the data therein 
contained for requesting certain services to a service 
provider by means of a normal phone call. 
[001 9] It is an object of the present invention to realise 
a user authentication method by means of a smart card, 
in particular by means of a smart card of the type used 
in the mobile phones. 

[0020] This and other objects of the invention are ob- 
tained with the method as claimed in the hereby at- 
tached claims. 

[0021] Advantageously, for being able to exploit the 
invention, the user holding an electronic identity card on- 
ly needs a mobile phone, by this time largely diffused 
among the population, with its relative smart card. 
[0022] For satisfying the criteria necessary to a safe 
information exchange, it is known to turn to cryptogra- 
phy, that is to the science dealing with the protection and 
the mathematical transformation of data into a non- 
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readable format, thereby offering authentication, integ- 
rity, secrecy and nonrepudiation services. 
[0023] The invention uses known cryptographic tech- 
niques, like the asymmetric cryptography with a public 
or a private key and the "hashing" algorithms, that is to 5 
say algorithms for obtaining a fixed-length string starting 
from a variable-length string. 

[0024] Advantageously, the invention exploits infor- 
mation already present on the electronic identity card, 
in particular the public key, the private key and the digital io 
certificate, that can be used for processing data crypto- 
graphically and for making safe the information ex- 
change between the user and the service provider. 
[0025] In addition, the digital certificate contains infor- 
mation about its owner, about the certification authority ^5 
that Issued the certificate and, in case, the list of the au- 
thorities disposing of the certificate revocation lists is- 
sued by the certification authority. 
[0026] It is important to point out that the level of au- 
thentication obtainable by means of the method accord- 20 
ing to the invention is the same as the level guaranteed 
by the electronic identity card. 

[0027] Besides, the present invention advantageous- 
ly provides for the interruption in the service provision if 
anomalies during the card authentication procedure are 25 
discovered, for instance in case the cards result to be 
stolen, tampered with or expired, or in case someone 
tries to impersonate another individual. 
[0028] Moreover, as far as the phone communication 
is concerned, the fact of being able to rely upon reliable 30 
and tested technologies like for instance the GSM tech- 
nology is a further advantage for the user. In any case, 
the invention leaves out of consideration the communi- 
cation protocol used with the service provider and there- 
fore can be also used with possible improvements of the 35 
current communication standards, or with new commu- 
nication standards. 

[0029] The above mentioned and other objects of the 
invention will appear more clear from the detailed de- 
scription of seven embodiments of the method accord- 40 
ing to the invention with particular reference to the here- 
by attached drawings, wherein: 

Figure 1 shows a device according to the invention 
for transferring data from an electronic identity card 45 
to a smart card of the type used in a mobile phone; 
Figures 2a,2b and 2c are respectively three sche- 
matic representations of communication systems 
applying the method according to the invention; 
Figures 3 and 4 are a flow chart of a first embodi- so 
ment of the authentication method according to the 
invention; 

Figures 5 and 6 are a flow chart of a second em- 
bodiment of the authentication method according to 
the invention; ss 
Figures 7 and 8 are a flow chart of a third embodi- 
ment of the authentication method according to the 
invention; 
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Figures 9 and 1 0 are a flow chart of a fourth embod- 
iment of the authentication method according to the 
invention; 

Figures 1 1 and 1 2 are a flow chart of a fifth embod- 
iment of the authentication method according to the 
invention; 

Figures 13 and 14 are a flow chart of a sixth em- 
bodiment of the authentication method according to 

the invention; 

Figures 1 5 and 1 6 are a flow chart of a seventh em- 
bodiment of the authentication method according to 
the invention. 

[0030] With reference to the Figure 1 , it is shown a 
device 1 provided with two slots 2,3 respectively for in- 
serting an electronic identity card 4 equipped with a mi- 
croprocessor 5 and with a smart card 6 or SIM (Sub- 
scriber Identity Module) of the type used in the mobile 
phones, said SIM being provided with a memory area 
8, wherein it is possible to store data, and being 
equipped with a microprocessor 7. 
[0031] The data used by the method according to the 
invention are stored on the electronic identity card 4. In 
particular, it is about a digital certificate CDqi^, a public 
key PbKQiE and a private key PrKciE- 
[0032] The digital certificate CDcjE» currently ar- 
ranged in format X-509, or public-key PbKciE digital cer- 
tificate is a declaration issued by a certif ication authority 
CA which guarantees, thanks to the digital signature, the 
association between the public key RbK^^ and the iden- 
tity of the object (user, peripheral or service) owning the 
corresponding private key PrKciE- 
[0033] The public key PbKciE and the private key 
PrKciE are mathematically correlated so that only the 
owner of the private key PrKQi^ is able to decode a 
digital information coded with the public key PbKQiE- 
[0034] It is important to point out that the private key 
PrKciE is invisible from outside but can be used for cryp- 
tographic operations. 

[0035] In addition, the device 1 provides for some 
ports, not represented in the figure, for the possible con- 
nection to a computer, to a network, to Internet, or to a 
different electronic device. 

[0036] Moreover, the device 1 will be able to perform, 
by means of a data processing unit and of an appropri- 
ate software, data reading operations from the electron- 
ic identity card 4, data reading and writing on the SIM 6, 
and data processing, therein comprising data crypto- 
graphic operations. 

Example 1 

[0037] It is now described a first example of the meth- 
od for authenticating the user of an electronic identity 
card 4 by means of a SIM 6 of the type suitable to be 
used in a mobile phone. 

[0038] During the preparation stage of said SIM 6, the 
electronic identity card 4 and the SIM 6 are respectively 
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inserted into the respective slots 2,3 of the device 1 . 
[0039] With reference to the Figure 3, at step 101 the 
device 1 requests and obtains from the SIM 6 a unique 
string IDgiw, which is generally the serial number of the 
SIM , univocally assigned by the SIM manufacturer itself. 
Agreements reached between the different SIM manu- 
facturers prevent that two SIMs having the same IDsim 
may exist. In this same step the device 1 requests and 
obtains the digital certificate CDqie from the electronic 
identity card 4. 

[0040] At step 1 03 the device 1 concatenates the dig- 
ital certificate CDc^ with the unique string IDgiM, there- 
by obtaining a string CDqiesim = ^^c\E # ^^sm- 
[0041] At step 1 05 the device 1 or the electronic iden- 
tity card 4 performs a cryptographic operation by means 
of a "hashing*' algorithm on the string CDciesim obtained 
at step 103, thereby obtaining a string HCDciesim = ^ 
(^^ciesim)- 

[0042] At step 1 07 the electronic identity card 4 uses 
the private key PrKciE for performing an asymmetric 
cryptographic operation on the string HCDciesim ob- 
tained at the step 105, thereby obtaining a string 

[0043] At step 1 09 the string HCDciesim and the dig- 
ital certificate CDcie containing the public key PbKdE of 
the electronic identity card 4 are stored in the SIM 6, In 
this way the electronic identity card 4 is univocally bound 
to the SIM 6 of the mobile phone 10. 
[0044] Then the SIM card 6 can be taken out from the 
device 1 and be inserted into a mobile phone 10 for be- 
ing used in the authentication procedure with a service 
provider, for instance a bank, the public administration 
or a shop- 

[0045] . With reference to the Figures 2a and 4, it will 
be now described the authentication procedure accord- 
ing to this first embodiment of the invention. 
[0046] By making a phone call to a service provider, 
the mobile phone 10 containing the SIM 6 is put into 
communication with a computer FS of a service provid- 
er. 

[0047] During the stage of use of said SIM 6, at step 
151 the computer FS of the service provider requests 
and obtains from the SIM 6, by means of the mobile 
phone 10. the string HCD'ciesim. ^^e digital certificate 
CDciE. and the unique string IDsim of the SIM 6. 
[0048] At step 1 53 the computer FS of the service pro- 
vider concatenates the digital certificate CDqie with the 
string IDgi^^, thereby obtaining the string CD*ciesim = 
CDc,e#IDs,m. 

[0049] At step 1 55 the computer FS performs a cryp- 
tographic operation by means of a "hashing" algorithm 
on the string CD'ciesim obtained at step 1 53, thereby 
obtaining a string HCD*ciesim = H(CD*ciesim)- 
[0050] At step 1 57 the computer FS of the service pro- 
vider performs a cryptographic operation of the string 
HCD ciesim with the public key RbK^iE. present on the 
digital certificate CDcie* thereby obtaining the string 
HCDciesim = ^^^^ ciesim ® P^Kcie- 
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[0051] At step 159 the computer FS compares the 
string HCDciesim with the string HCD*ciesim 
(HCDciesim = HCD*ciesim 

[0052] In case the string HCDciesim does not match 
5 with the string HCD'ciesim* computer FS of the serv- 
ice provider wilt stop the user authentication procedure 
(step 160). 

[0053] At step 161, the computer FS interrogates a 
remote computer CRL disposing of the list of certificates 

10 revoked by the certification authority CA, said authority 
being identified through the digital certificate CDcie of 
the electronic identity card 4. Since the computer CRL 
guarantees the validity of the certificate, it verifies if the 
latter is valid (in case, the computer CRL may also co- 

15 incide with the computer of the certification authority 
CA). 

[0054] Only in case of positive outcome (step 163), 
the user authentication has turned out well and the serv- 
ice provider will begin offering services to the user, since 
20 the service provider has unequivocally identified the 
owner of the SIM 6 contained in the mobile phone 10. 
Othenwise (step 162) the service provider will stop the 
user authentication procedure. 

25 Example 2 

[0055] It will be now described a second embodiment 
of the invention wherein the unique string IDsim of the 
SIM 6 is not used. 

30 [0056] During the preparation stage of said SIM 6, the 
electronic identity card 4 and the SIM 6 are respectively 
inserted into the respective slots 2,3 of the device-1. 
[0057] With reference to the Figure 5, at step 201 the 
device 1 or, as an alternative, the electronic identity card 

35 4 itself, generate a public key PbKsiM and a correspond- 
ing private key PrKsi^- 

[0058] At step 203 the device 1 , or the electronic iden- 
tity card 4, performs a cryptographic operation by means 
of a "hashing" algorithm of the digital certificate CDcie 
40 read by the electronic identity card 4, thereby obtaining 

the string HCDqie = H(CDcie)- 

[0059] At step 205 the device 1, or the electronic 
identity card 4, performs an asymmetric cryptographic 
operation of the string HCDoe with the private key 
45 PrKsiM, thereby obtaining the string HCD'cie = HCDcie 

[0060] At step 207 the electronic identity card 4 per- 
forms an asymmetric cryptographic operation of the 
string HCD'cie with the private key PrKciE of the elec- 
50 tronic identity card 4, thereby obtaining the string 
HCD"ciE = HCD'cie ® PrKcE- 

[0061] Finally, the private key PrKgiM. the public key 
PbKgiM, the digital certificate CD^e of the electronic 
identity card 4 and the string HCD"cie ^re stored in the 
55 SIM 6 (step 209). In this way, the electronic identity card 
4 is univocally bound to the SIM 6 of a mobile phone 1 0. 
[0062] Naturally, the private key PrKgiM will be stored 
in the SIM 6, according to known techniques, thereby 
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guaranteeing the in accessibility from outside, apart from 
the microprocessor of the mobile phone 10. 
[0063] Then the SIM card 6 can be taken out from the 
device 1 and be inserted into a mobile phone 10 for be- 
ing used in the authentication procedure with a service 5 
provider, for instance a bank, the public administration 
or a shop. 

[0064] With reference to the Figures 2b e 6, it will be 
now described the authentication procedure, according 
to said second embodiment of the invention. io 
[0065] By making a phone call to a service provider, 
the mobile phone 10 equipped with a microprocessor or 
chip 12 and containing the SIM 6 is put into communi- 
cation with a computer FS of a service provider. 
[0066] During the stage of use of said SIM 6, at step is 
251 the computer FS of the service provider requests 
and obtains from the SIM 6 of the mobile phone 10 the 
public key PbKs,M. the string HCD"c,e and the digital 
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certificate CD, 

[0067] At step 253 the computer FS generates a ran- 20 
dom number CH, creates from said number CH, by 
means of an asymmetric cryptographic operation with 
the public key PbKgjM, a string CH' = CH ® PbKsiM. and 
sends said string CH' to the SIM 6 of the mobile phone 
10. 25 
[0068] At step 255 either the SIM 6 or the mobile 
phone 10 deciphers the string CH' with the private key 
Pi'^^siM' thereby obtaining the number CH* = CH' ® 

'^''*^SIM- 

[0069] At step 257 the SIM 6. or the mobile phone 1 0, 3o 
by means of an "hashing" algorithm on the random 
number CH*, generates a string S. Said string S is con- 
catenated with itself more times until its length Lg is 
equal to the length Lhcd"cie the string HCD"cie (S = 
#H(CH*) until Ls = Lhcd"cie). 35 
[0070] At step 259, either the SIM 6 or the mobile 
phone 10 generate a string HCD"cie xor obtained by 
performing the logic operation XOR between the string 
HCD"cie and the string S. The string HCD"cie xor = 
^^^"ciE ® S is successively sent to the computer FS. 4o 
[0071] At step 261 , the computer FS, by means of a 
"hashing" algorithm on the random number CH, 
generates a string T. Said string T is concatenated with 
itself more times until its length Lj is equal to the length 
Lhcd-cie.xor the string HCD"cie_xor (T = #H(CH) 45 
until Ly = Lhcd-cie„xor)- 

[0072] At step 263, the computer FS obtains the string 
*^^D"ciE = '^^D"ciE_xoR ® T by performing the logic op- 
eration XOR between the string HCD"cie xor and the 
string T. ~ 50 

[0073] At step 265, the computer FS deciphers the 
string HCD-^ie with the public key PbKdE, present on 
the digital certificate CDcie, thereby obtaining the string 
HCD'cE = HCD"c,E ® PbKcE. 

[0074] At Step 267, the computer FS deciphers the ss 
string HCD'ce with the public key PbKgjM, thereby ob- 
taining the string HCD*cie = HCD'ce ® PbKsiM- 
[0075] At step 269, the computer FS by means of a 



"hashing" algorithm on the digital certificate CDcie, ob- 
tains the string HCDqie = H(CDcie)- 
[0076] At step 271, the computer FS compares the 
string HCD*cie with the string HCD^e (HCD*cie = 
HCDce ?). In case the string HCD*cie ^oes not match 
with the string HCDcie. the service provider will stop the 
user authentication procedure (step 272). 
[0077] At step 273, the computer FS interrogates a 
remote computer CRL disposing of the list of certificates 
revoked by the certification authority CA, said authority 
being identified through the digital certificate CDqie of 
the electronic identity card 4 (in case, the computer CRL 
can also coincide with the computer of the certification 
authority CA). Since the computer CRL guarantees the 
validity of the certificate, it verifies if the latter is valid. 
[0078] Only in case of positive outcome (step 275), 
the user authentication has turned out well and the serv- 
ice provider will begin offering services to the user, since 
the service provider has unequivocally identified the 
owner of the SIM 6 contained in the mobile phone 10. 
Othenwise (step 274) the service provider wilt stop the 
user authentication procedure. 

Example 3 

[0079] Afurther embodiment of the method according 
to the invention provides for the use of a chip 1 2 present 
in a mobile phone 10 for performing the biggest part of 
the cryptographic operations required by the method ac- 
cording to the invention. 

[0080] With reference to the Figure 7, during the stage 
of preparation of said SIM 6, at step 301 the chip 12 
provided in the mobile phone 1 0 generates a pair of pri- 
vate and public keys PrKgiM e PbKgiM that Is stored in 
a memory area 14 of said chip 12. 
[0081] At the successive step 303 the public key Pb- 
KsiM is written on the SIM 6 that is inserted into the mo- 
bile phone 10. 

[0082] The SIM card 6 is then taken out from the mo- 
bile phone 1 0 and inserted into the device 1 wherein also 
the electronic identity card 4 will be inserted. 
[0083] At step 305 the device 1 requests and obtains 
from the SIM 6 a unique string IDsim. that generally is 
the serial number of the SIM 6. In this same step the 
device 1 requests and obtains the digital certificate 
^^ciE ^^orr\ the electronic identity card 4. 
[0084] At step 307 the device 1 concatenates the dig- 
ital certificate CDce with the string IDqim. thereby ob- 
taining a string CDcesim = CDqie # IDqim- 
[0085] At step 309 the device 1, or the electronic 
identity card 4, obtains the string HCDcesim = H 
(C^ciesim) by means of a "hashing" algorithm on the 
string CDciesim- 

[0086] At step 311 the electronic identity card 4 uses 
the private key PrKcE ^^r performing a cryptographic 
operation on the string HCDciesim' thereby obtaining a 
string HCD'cesim = HCDcesim ® PrKciE- 
[0087] At step 313 the device 1 uses the public key 
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PbKsii^ generated at step 301 for performing an 
asymmetric cryptographic operation on the string 
HCD'ciEsiM. thereby obtaining the string HPCD"ciesim = 
HCD'cEsiM ® PbKsiM- 

[0088] At step 315 the device 1 writes on the SIM 6 5 
the string H^CD^ciesim ^nd the digital certificate CDcie 
that is located on the electronic identity card 4. 
[0089] Successively, the SIM 6 can be inserted again 
into the mobile phone 10. 

[0090] At step 317 the chip 12 performs an asymmet- io 
ric cryptographic operation on the string HPCD^ciesim 
with the private key PrKgiM. thereby obtaining the string 

HCD'ciESlM = '^^CD'ciESIM ® Pr^slM- 

[0091] Successively, at step 319, the chip 1 2 performs 
an asymmetric cryptographic operation on the string '5 
HCDqiesim with the private key PrKgiM, thereby obtain- . 
ing the string HCD"ciesim HCD'cesim ® PfKsiM- 
[0092] At step 32 1 the chip 1 2 writes in its memory 1 4 
the string HCD^qiesim the digital certificate CDcie 
associating them to the public key PbKsiM generated at 
step 301 . 

[0093] At step 323 the chip 12 provides for deleting 
from the SIM 6 the string HPCD"ciesim ^"^1 the digital 
certificate CDcie- 

[0094] The SIM card 6 and the mobile phone 10 can 25 
be used in the authentication procedure with a service 
provider, for instance a bank, the public administration 

or a shop, 

[0095] With reference to the Figures 2a e 8, it will now 
be described the authentication procedure according to 30 
this third embodiment of the invention. 
[0096] By making a phone call to a service provider, 
the mobile phone 10 containing the SIM 6 is put into 
communication with a computer FS of a service provid- 
er. 35 
[0097] During the stage of use of said SIM 6, at step 
351 the chip 12 of the mobile phone 10 reads the string 
IDsiM trom the SIM 6. 

[0098] At step 353 the computer FS of the service pro- 
vider requests and obtains the string HCD'ciesim' the 4o 
digital certificate CDcie, public key PbKsiM and the 
string IDsiM from the chip 12 of the mobile phone 10. 
[0099] At stage 355 the computer FS of the service 
provider concatenates the digital certificate CDcie wt^ 
the string IDsim. thereby obtaining the string CD'ciesim 
= CDcie * ^^sim. 

[01 00] At step 357 the computer FS performs a cryp- 
tographic operation by means of an "hashing" algorithm 
on the string CD*ciesim« thereby obtaining the string 
^^D*ciEsiM = H(CD*ciesim)* 

[0101] At step 359 the computer FS of the service 
provider performs an asymmetric cryptographic 
operation of the string HCD"ciesim with the public 
PbKsiM, thereby obtaining the string HCD'ciesim = 
HCD"ciESlM ® PbKsiM- 55 
[01 02] At step 361 the computer FS of the sen/ice pro- 
vider performs an asymmetric cryptographic operation 
of the string HCD'ciesim ^'t^ the public key PbKciE> 
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present on the certificate CDcie* thereby obtaining the 
string HCDciEsiM = HCD'ciesim ® PbKciE. 
[0103] At step 363 the computer FS compares the 
string HCDciesim ^'th the string HCD*ciesim 
(HCDciEsiM ^ HCD'ciesim '^)- 

[0104] In case the string HCDciesim ^oes not match 
with the string HCD*ciesim« the computer FS of the serv- 
ice provider will stop the user authentication procedure 

(step 364). 

[0105] At step 365, the computer FS interrogates a 
remote computer CRL disposing of the list of certificates 
revoked by the certification authority CA, said authority 
being identified through the digital certificate CDcie 
the electronic identity card 4 (in case, the computer CRL 
can also coincide with the computer of the certification 
authority CA). Since the computer CRL guarantees the 
validity of the certificate, it verifies if the latter is valid. 
[0106] Only in case of positive outcome (step 367), 
the user authentication has turned out well and the serv- 
ice provider will begin offering services to the user, since 
the service provider has unequivocally identified the 
owner of the SIM 6 contained in the mobile phone 10. 
Otherwise (step 366) the service provider will stop the 
user authentication procedure. 

Example 4 

[0107] A fourth embodiment according to the inven- 
tion provides for a second computer that can be consult- 
ed for instance through Internet and is managed by a 
third party different from the user and from the service 
provider. 

[01 08] With reference to the Figure 2c, a computer TP 
of a third party is equipped with a memory 11 and, on 
the one side, can be connected to the device 1 and, on 
the other side, can communicate with a computer FS of 
a service provider. 

[01 09] During the preparation stage of said SIM 6, the 
electronic identity card 4 and the SIM 6 are respectively 
inserted into the respective slots 2,3 of the device 1 , 
[01 1 0] With reference to Figure 9, at step 401 the de- 
vice 1 requests and obtains from the SIM 6 a unique 
string IDsiM. that is generally the serial number of the 
SIM 6. In this same step, the device 1 requests and ob- 
tains from the electronic identity card 4 the digital certif- 
icate CDciE. 

[0111] At step 403 the device 1 concatenates the dig- 
ital certificate CDcie with the string IDqim, thereby ob- 
taining a string CDciesim = CDcie # 'Dsim- 
[0112] At step 405 the device 1 , or the electronic iden- 
tity card 4, performs a cryptographic operation by means 
of a "hashing" algorithm on the string CDciesim* thereby 
obtaining the string HCDciesim = H(CDciesim)- 
[01 1 3] At step 407 the electronic identity card 4 uses 
the private key PrKdE for performing an asymmetric 
cryptographic operation on the string HCDciesim> 
thereby obtaining the string HCD'ciesim = HCDciesim ® 
PrKciE- 
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[0114] The device 1 transfers the string HCD'ciesim 
and the digital certificate CDcie to the computer TP (step 
409). 

[0115] At step 411 the computer TP or the electronic 
identity card 4 or the device 1 generates a public l<ey 
PbKsify, and a corresponding private key PrKsiM that are 
in any case stored in the memory 1 1 of the computer TP. 
[0116] At step 413 the computer TP uses the private 
key PrKsiM for performing an asymmetric cryptographic 
operation of the string HCDqi^siM' thereby obtaining the 
string HCD^ciesim = HCD'ciesim ® ^^^s\M' 
[0117] At step 415 the computer TP stores the digital 
certificate CDqi^ and the string HCD"ciesim» besides as- 
sociating biunivocally the user phone number NTEL with 
said data and with the public key PbKsiM and the private 
key PrKsiM- 

[0118] At step 417 the computer TP sends its IP ad- 
dress and the public key PbKgiM to the device 1 that 
stores them on the SIM 6. In this way, the electronic 
identity card 4 Is bound unlvocally to the SIM 6 of a mo- 
bile phone 10 through the computer TP. 
[01 1 9] Then the SIM card 6 can be taken out from the 
device 1 and be inserted into the mobile phone 10 in 
order to be used in the authentication procedure with a 
service provider, for instance a bank, the public admin- 
istration or a shop. 

[0120] With the reference to the Figures 2a and 1 0 it 
will be now described the authentication procedure ac- 
cording to this fourth embodiment of the invention. 
[0121] By making a phone call to a service provider, 
a mobile phone 10 containing the SIM 6 Is put into com- 
munication with a computer FS of a service provider. 
[0122] During the stage of use of said SIM 6, at step 
451 the computer FS of the service provider requests 
and obtains from the SIM 6 of the mobile phone 1 0 the 
IP address of the computer TP, the public key PbKsn^, 
the user phone number NTEL and the unique string 

[0123] At step 453 the computer FS communicates 
via Internet with the computer TP, thanks to the IP ad- 
dress, and sends to it the user phone number NTEL. 
[0124] At step 455 the computer TP, thanks to the 
phone number, sends to the computer FS the digital cer- 
tificate CDciE and the string HCD'ciesim corresponding 
to the user phone number NTEL. 
[0125] At step 457 the computer FS of the service 
provider concatenates the string CDcie ^'^^ string 
IDsiM, thereby obtaining the string CD'cesim - CD^ie # 

"DsiM- 

[0126] At step 459 the computer FS performs a cryp- 
tographic operation by means of an "hashing" algorithm 
on the string CD*qiesim' thereby obtaining the string 
HCD*ciesim = '^(^'^*ciesim)- 

[01 27] At step 461 the computer FS of the service pro- 
vider deciphers the string HCD'ciesim with the public 
key PbKsivi, thereby obtaining the string HCD'ciesim ~ 
HCD'ciEsiM ® Pb^siM- 

[01 28] At step 463 the computer FS of the service pro- 
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vider deciphers the string HCD'ciesim with the public key 
PbKciE. present on the digital certificate CDqie. thereby 
obtaining the string HCDciesim = HCD'ciesim ® PbKciE* 
[0129] At step 465 the computer FS compares the 
5 string HCDciesim with the string HCD*ciesim 
(HCDciesim = ^^CD*ciesim 

[0130] In case the string HCDciesim does not match 
with the string HCD'ciesim. the computer FS of the serv- 
ice provider will stop the user authentication procedure 

10 (step 466), 

[0131] At step 467, the computer FS interrogates a 
remote computer CRL disposing of the list of certificates 
revoked by the certification authority CA, said authority 
being identified through the digital certificate CDcie 

15 the electronic identity card 4 (in case, the computer CRL 
can also coincide with the computer of the certification 
authority CA). Since the computer CRL guarantees the 
validity of the certificate, it verifies If the latter is valid. 
[0132] Only in case of positive outcome (step 469), 

20 the user authentication has turned out well and the serv- 
ice provider will begin offering services to the user, since 
the service provider has unequivocally identified the 
owner of the SIM 6 contained in the mobile phone 10, 
Otherwise (step 468) the service provider will stop the 

2s user authentication procedure. 

Example 5 

[01 33] A fifth embodiment of the method according to 
30 the invention concerns the possibility for the user to go 
directly to a service provider with a mobile phone and 
an electronic identity card. 

[0134] During the preparation stage of said SIM 6, the 
electronic identity card 4 and the SIM 6 are respectively 

35 inserted Into the respective slots 2,3 of the device 1 . 
[01 35] With reference to the Figure 1 1 , at step 501 the 
device 1 , or the electronic identity card 4, performs a 
cryptographic operation by means of a "hashing" algo- 
rithm on the digital certificate CDcie ^^^^ the elec- 

40 tronic identity card 4, thereby obtaining a string HCDcie 
= H(CDc,e)- 

[0136] At step 503 the electronic identity card 4 per- 
forms an asymmetric cryptographic operation on the 
string HCDcie with the private key PrKoE present on the 
^5 electronic identity card 4, thereby obtaining the string 
HCD'cE = HCDcie ® PrKcE- 

[0137] At step 505 the device 1 transfers the string 
HCD'ciEi the digital certificate CDcie the unique 
string IDsim> that is generally the serial number of the 
50 SIM 6, to the computer FS of the service provider that 
is equipped with a memory (13). 

[0138] At step 507 the computer FS generates, by 
means of a "hashing" algorithm on the string IDsim» a 
string HIDgiM = H(IDsim) that is concatenated with itself 
55 (step 509) until the length Ls of the string S so generated 
is not equal to the length Lhcd'CIE of the string HCD'cie 
(S = #(HIDsim) until Ls=L„cd'cie). 
[01 39] At step 511a logic operation XOR between the 
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string HCD'ciE and the string S is performed, thereby 
obtaining a string HCD cie_xor - HCD ^ie © S. 
[0140] At step 513 the user phone number NTEL, the 
string HCD'cie xor digital certificate CD^ie are 

stored on the computer FS. 5 
[01 41 ] Then the SIM card 6 can be taken out from the 
device 1 and be inserted into a mobile phone 10 for be- 
ing used in the authentication procedure with the service 
provider where the operations described at the steps 
501 -513 have been performed. io 
[0142] With reference to the Figures 2a and 1 2, it will 
be now described the authentication procedure accord- 
ing to said fifth embodiment of the invention. 
[0143] By making a phone call to a service provider, 
the mobile phone 10 containing the SIM 6 is put into '5 
communication with a computer FS of a service provid- 
er 

[0144] During the use stage of said second smart card 
6, at step 551 the computer FS requests and obtains 
from the SIM 6 the phone number NTEL and the unique 20 
string IDsiM- 

[01 45] At step 553 the computer FS performs a cryp- 
tographic operation by means of a "hashing** algorithm 
of the string IDgi;^, thereby obtaining the string HIDsim 
= H(IDs,m). 25 
[0146] At step 555the computer FS generates astring 
T that is concatenated with itself more times until it has 
a length Ly equal to the length Lhcd'cie xor the string 
HCD'qi^ xor associated to the corresponding phone 
number NTEL (T = #(HIDs,m) until Lj = LHccyciE_xoR)- 
[0147] . At step 557 a logic operation XOR is performed 
between the string HCD'cie xor and the string T ob- 
tained at step 555, thereby obtaining the string HCD cie 
= HCD'ctE xor ® 

[0148] At step 559 an asymmetric cryptographic op- 35 
eration of the string HCD'q,£ with the public key RbK^E 
is performed, thereby obtaining the string HCDcie = 
HCD'cE ® PbKciE 

[01 49] At step 561 the computer FS obtains by means 
of a "hashing*' algorithm on the digital certificate CDcie 
the string HCD*cie = H(CDcie). 

[0150] At step 563 the computer FS compares the 
string HCDcie with the string HCD*cie (HCDcie = 
HCD*c,E ?). 

[0151] In case the string HCDcie does not match with 45 
the string HCD*cie» ^^^e computer FS of the service pro- 
vider will stop the user authentication procedure (step 
564). 

[0152] At step 565, the computer FS interrogates a 
remote computer CRL disposing of the list of certificates so 
revoked by the certification authority CA, said authority 
being identified through the digital certificate CDcie of 
the electronic identity card 4 (in case, the computer CRL 
can also coincide with the computer of the certification 
authority CA). Since the computer CRL guarantees the 55 
validity of the certificate, it verifies if the latter is valid. 
[0153] Oniy in case of positive outcome (step 567), 
the user authentication has turned out wet! and the serv- 
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ice provider wilt begin offering services to the user, since 
the service provider has unequivocally identified the 
owner of the SIM 6 contained in the mobile phone 10. 
Otherwise (step 566) the service provider will stop the 
user authentication procedure. 

Example 6 

[0154] It will be now described a sixth method for au- 
thenticating the user of an electronic identity card 4 by 
means of a SIM 6 of the type suitable to be used in a 
mobile phone in which an "hashing" algorithm is not 
used. 

[01 55] In fact, as it is known, the advantage of storing 
strings, to which an "hashing" algorithm has been ap- 
plied, consists in the fact that the length of said strings, 
typically of 16 or 20 bytes, is at least of two orders of 
magnitude lower than the length of a digital certificate 
that is typically of 4 kilobytes. 

[0156] This fact is extremely important especially for 
the authentication methods in which the strings are 
stored in the SIM 6 and in the chip 1 2, that do not dispose 
of a so high memory capacity as the memories of the 
computers FS or TP. 

[01 57] With reference to this sixth example, during the 
preparation stage of said SIM 6, the electronic Identity 
card 4 and the SIM 6 are respectively inserted into the 

slots 2,3 of the device 1 . 

[01 58] With reference to the Figure 1 3, at step 601 the 
device 1 requests and obtains from the SIM 6 a unique 
string IDsii^, that is generally the serial number of the 
SIM. In this same step, the device 1 requests and ob- 
tains from the electronic identity card 4 the digital certif- 
icate CDciE- 

[01 59] At step 603 the device 1 concatenates the dig- 
ital certificate CDcie with the unique string IDsny/, there- 
by obtaining a string CDciesim = CDcie ^ '^sim- 
[0160] At step 605 the electronic identity card 4 uses 
the private key PrKciE for performing an asymmetric 
cryptographic operation on the string CDciesim obtained 
at step 603, thereby obtaining a string CD'ciesim = 

[0161] At step 607 the String CD'oesim the digital 
certificate CDcie containing the public key P^^c\e of the 
electronic identity card 4 are stored on the SIM 6. In this 
way, the electronic identity card 4 is bound univocally to 
the SIM 6 of a mobile phone 1 0. 

[0162] Then the SIM card 6 can be taken out from the 
device 1 and be inserted into the mobile phone 10 for 
being used in the authentication procedure with a serv- 
ice provider, for instance a bank, the public administra- 
tion or a shop. 

[0163] With reference to the Figures 2a and 14 it will 
be now described the authentication procedure accord- 
ing to this sixth embodiment of the invention. 
[0164] By making a phone call to a service provider, 
a mobile phone 1 0 containing the SIM 6 is put into com- 
munication with a computer FS of a service provider. 
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[01 65] During the use stage of said second smart card 
6, at step 651 the computer FS of the service provider 
requests and obtains from the SIIVI 6, via the mobile 
phone 10, the string CDqi^sim' digital certificate 
CDciE> and the unique string IDgiM of the SIM 6. 
[01 66] At step 653 the computer FS of the service pro- 
vider concatenates the digital certificate CDqi^ with the 
string IDqim, thereby obtaining the string CD*ciesim = 
CDcE # IDsiM- 

[01 67] At step 655 the computer FS of the service pro- 
vider will perform an asymmetric cryptographic opera- 
tion of the string CD ciesim with the public key PbKdE. 
present on the digital certificate CDcie. thereby obtain- 
ing the string CDcesim = CD'ciesim ® PbKciE- 
[0168] At step 657 the computer FS compares the 
string CDciesim with the string CD*ciesim (CDciesim = 

[0169] In case the string CDciesim ^0®^ not match 
with the string CD*qiesim' computer FSof the service 
provider will stop the user authentication procedure 
(step 658). 

[0170] At step 659, the computer FS Interrogates a 
remote computer CRL disposing of the list of certificates 
revoked by the certification authority CA, said authority 
being identified through the digital certificate CDqie of 
the electronic identity card 4 (in case, the computer CRL 
can also coincide with the computer of the certification 
authority CA). Since the computer CRL guarantees the 
validity of the certificate, it verifies if the latter is valid. 
[0171] Only in case of positive outcome (step 661), 
the user authentication has turned out well and the serv- 
ice provider will begin offering services to the user, since 
the service provider has unequivocally identified the 
owner of the SIM 6 contained in the mobile phone 10. 
Othenwise (step 660) the service provider will stop the 
user authentication procedure. 

Example 7 

[01 72] It will be now described a seventh embodiment 
of the invention wherein the unique string IDsim of the 
SIM 6 is used. 

[0173] During the preparation stage of said SIM 6, the 
electronic identity card 4 and the SIM 6 are respectively 
inserted into the respective slots 2,3 of the device 1 . 
[0174] With reference to the Figure 1 5, at step 701 the 
SIM 6 or, as an alternative, the device 1 or the electronic 
identity card 4 or the chip 12 of the mobile phone 10, 
generate a public key PbKsiM and a corresponding pri- 
vate key PrKsiM- The public key PbKsj^ and the corre- 
sponding private key PrKsiM are in any case stored on 
the SIM 6. Obviously, the private key PrKsiM is stored 
on the SIM 6, according to known techniques, thereby 
guaranteeing the inaccessibility from outside. 
[0175] At step 703 the device 1 requests and obtains 
from the SIM 6 a unique string IDqim that is generally 
the serial number of the SIM, unlvocally assigned by the 
manufacturer of the SIM itself. In this same step, the 



device 1 requests and obtains the digital certificate 
CDcie frofTi the electronic identity card 4. 
[01 76] At step 705 the device 1 concatenates the dig- 
ital certificate CDqie with the unique string IDsim, there- 

5 by obtaining a string CDciesim = CDcie#idsim- 

[01 77] At step 707 the device 1 or the electronic iden- 
tity card 4 performs a cryptographic operation by means 
of a "hashing" algorithm of the string CDqiesim. thereby 
obtaining the string HCDciesim=H(CDciesim)- 

10 [01 78] At step 709 the SIM 6 performs an asymmetric 
cryptographic operation of the string HCDciesim with the 
private key PrKsiM, thereby obtaining the string 

•^CD CIESIM = ^^CDciESIM ® Pl'KsiM- 

[0179] At step 711 the electronic identity card 4 per- 
'5 forms an asymmetric cryptographic operation of the 
string HCD'ciesim with the private key PrKdE, thereby 
obtaining the string HCD"ciesim = HCD'ciesim ® P^Kcie- 
[0180] Finally, at step 71 3 the digital certificate CDcie 
of the electronic identity card 4 and the string 
20 HCD"ciesim are stored on the SIM 6 (step 713). In this 
way, the electronic identity card 4 is unlvocally bound to 
the SIM 6. 

[0181] Then the SIM card 6 can be taken out from the 
device 1 and be inserted into a mobile phone 10 for be- 
25 ing used in the authentication procedure with a service 
provider, for instance a bank, the public administration 
or a shop. 

[0182] With reference to the Figures 2b and 1 6, it will 
be now described the authentication procedure accord- 
30 ing to this embodiment of the invention. 

[0183] By making a phone call to a service provider, 
the mobile phone 10 containing the SIM 6 is put into 
communication with a computer FS of a service provid- 
er. 

36 [0184] During the use stage of said SIM 6, at step 751 
the computer FS of the sen/ice provider requests to the 
SIM 6 either the public key PbKsiM or the digital certifi- 
cate CDcie the identification number IDsim of the 
SIM 6. In reply, it obtains respectively PbK*siM. CD*cie 

40 e ID*siM 't should be noted that it could happen that 
PbKsiM, CDcie 'Dgi^^do not match respectively with 
P*^^*siM' ^D*ciE e 'D*siM to transmission errors or 
deliberate alterations. 

[01 85] At step 753 the computer FS, in possession of 
45 the public key PbKcA of the certification authority CA 
identified through the digital certificate CD*cie of the 
electronic identity card 4 and guaranteeing the certifi- 
cate itself, verifies the validity of the signature of the cer- 
tificate body by the CA itself. 
50 [0186] In addition, the computer FS verifies that the 
digital certificate CD*cie has not expired. Finally, the 
computer FS interrogates a remote computer CRL, dis- 
posing of the list of the certificates revoked by the cer- 
tification authority CA (in case, the computer CRL can 
55 also coincide with the computer of the certification au- 
thority CA). 

[0187] Since the computer CRL guarantees the valid- 
ity of the certificate, it will verify that this latter has not 
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been revoked. 

[0188] Only in case of positive outcome of the three 
checks, the computer FS will proceed with step 755; oth- 
erwise (step 754) the service provider will stop the user 
authentication procedure, 5 
[01 89] At step 755 the computer FS considers the cer- 
tificate CD*ciE as authentic (and therefore matching with 
CDqie) and valid. 

[0190] At step 757 the computer FS generates a ran- 
dom number CH, creates from said number CH, by io 
means of an asymmetric cryptographic operation with 
the public key PbK*s,^^, a string CH* = CH ® PbK*siM 
and sends said string CH' to the SIM 6 of the mobile 
phone 10 that receives it as CH'*. 

[0191] At step 759 the SIM 6 deciphers the string CH'* is 
with the private key PrK^i^^, thereby obtaining the 
number CH* = CH'* (S) PrKsi^. 

[0192] At step 761 the SIM 6 expands, by means of 
an expansion algorithm E, said number CH*, thereby 
obtaining a string S of length Ls, equal to the length 20 
Lhgd-ciesim of the string HCD"ciesim (S=E(CH*), so that 

Ls = '-hcd"ciesim)- 

[0193] At step 763 a string HCD"ciesim_xor = 
HCD 

**ciESiM ® ^ obtained performing a logic operation 
XOR between the string HCD"ciesim string S is 25 

generated by the SIM 6. The string HCD^ciesim xor 
successively sent to the computer FS that receives it as 

HCD"*q,£SImJxor- 

[0194] At step 765 the computer FS expands by 
means of an expansion algorithm E the random number so 
CH, thereby obtaining a string T of length Ly equal to 
the length Lhcd"*ciesim_xor the string 

HCD"*c,EsiM_xoR (T=E(CH), so that Lj = 
Lhcct'giesim.xor)- 

[0195] At step 767 the computer FS obtains the string 35 
HCD"*c,EsiM = »-'CD''*c,EsiM_xoR © T by performing the 
logic operation XOR between the string 
HCD 

***ciESiM XOR the string T 
[0196] At step 769 the computer FS deciphers the 
string HCD*'*ciesim with the public key PbKciE. present 40 
on the digital certificate CDcie. thereby obtaining 

HCD'*ciESIM = H^D"*CIESIM ® Pb^^CIE- 

[0197] At step 771 the computer FS deciphers the 
string HCD'*ciesim with the public key PbK*siM. thereby 
obtaining the string HCD*ciesim = HCD'*ciesim ® 
PbK*s,M. 

[01 98] At step 773 the computer FS concatenates the 
digital certificate CD^ie with the string ID*sim , thereby 
obtaining the string CD+ciesim = ^^c\e # ^^*s\m 
[0199] At step 775 it obtains the string HCD^ciesim = 
H (CD+ciesim) by means of an "hashing" algorithm on the 
string CD+ciesim- 

[0200] At step 777 the computer FS compares the 
string HCD*ciesim with the string HCD+ciesim 
(HCD*ciEsiM = HCD-^ciESiM In case the string 55 
HCD'ciesim does not match with the string HCD+qiesim» 
the service provider will stop the user authentication pro- 
cedure (step 778). 




[0201] Only in case of positive outcome (step 779). 
the user authentication has turned out well and the serv- 
ice provider will begin offering services to the user, since 
the service provider has unequivocally identified the 
owner of the SIM 6 contained in the mobile phone 10. 
[0202] Although in all the authentication methods de- 
scribed the digital certificate of the electronic identity 
card is used as a starting point, nonetheless rt is also 
possible to use whatever string, provided that it contains 
the public key of the electronic identity card. 
[0203] Although in all the authentication methods de- 
scribed the electronic identity card is univocally bound 
to a smart card to be used in a mobile phone, it is also 
possible to bind univocally the electronic identity card to 
whatever device for storing data, like for instance a mag- 
netic or optical disk, a microprocessor and so on. 
[0204] As a consequence, it appears clear that the de- 
scribed methods are susceptible of being applied to 
whatever communication apparatus, also different from 
the mobile phone, provided that it is able to read data 
contained in the device 6 for storing data and to com- 
municate them to the exterior of the apparatus rtself ei- 
ther via radio waves or through electric connections. 
[0205] It is clear that what has been described is given 
as a not limiting example and that changes and rhodifi- 
cations are possible without departing from the field of 
protection of the invention. 



Claims 

1. User authentication method performed by a com- 
puter (FS) by means of a data storing device com- 
prising the steps of: 

arranging a smart card (4) wherein a first 
private key (PrKQjg) and a digital certificate 
(CDqie) containing the first public key (PbKdg) 
corresponding to said first private key (PrK^iE) 
are stored; 

arranging a device (6) for storing data; 
obtaining an identifying string (IDsim) of said 
* device (6) for storing data; 
arranging a first coding method using said first 
private key (PrKciE) and a corresponding first 
decoding method using said first public key 
(PbKciE) corresponding to said first private key 
(PrKcE); 

arranging a second coding method using said 
identifying string (IDsim); 
applying in succession said second coding 
method and said first coding method to a first 
string (CDcie) containing said first public key 
(PbKciE), in order to obtain a second string 

(HCD'ciESIMiHCD"ciESIM)i 

storing said first string (CDqie). said second 
string (HCD'ciesim;HCD"ciesim) and said iden- 
tifying string (IDgii^). in a memory (8;14;11 ) ac- 
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cessible to said computer (FS); 
putting said device (6) for storing data into com- 
munication with said computer (FS); 
applying said second coding method to said 
first string (CDcie) 'n order to obtain a third 5 
string (HCD*ciesim); 

applying said first decoding method to said sec- 
ond string {HCD*ciesim;HCD"c(esim). in orderto 
obtain a fourth string (HCDcesimJHCD-^ciesim); 
comparing said third string {HCD*ciesim) with io 
said fourth string (HCDcesim^HCD-^ciesim) 
and, in case of identity, informing the computer 
(FS) that said device (6) for storing data has 
been necessarily obtained from said smart card 

(4), 15 

Authentication method according to claim 1 , where- 
in: 

said second coding method consists in a first 20 
operation of concatenation of said first string 
(CDcie) with said identifying string (IDgi^); 
said first coding method consists in a second 
asymmetric cryptographic operation of the re- 
sult of said first operation (HCDciesim) with said 25 
first private key (PrKcie); and 
said first decoding method consists in a third 
asymmetric cryptographic operation of said 
second string (HCDciesim) with said first public 
key (PbKcE). 3o 
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string (HCD'ciesim); 

performing a third asymmetric crypto- 
graphic operation of said fifth string 
(HCDqiesim) with said second public key 
(PbKs,ivi), in order to obtain a sixth string 
(HPCD"c,esim); 

performing a fourth asymmetric crypto- 
graphic operation of said sixth string 
(HPCD'ciesim) with said second private 
key (PrKsiis/i), in order to obtain a seventh 
string (HCD'ciesim)". 

performing a fifth asymmetric cryptograph- 
ic operation of said seventh string 
(HCD'ciesim) with said second private key 
(Pi^Ksim). in order to obtain said second 
string (HCD"ciesim): 

and said first decoding method consists in the 
steps of: 

performing a sixth asymmetric crypto- 
graphic operation of said second string 
(HCD"q,£Sii^) with said second public key 
(P*^Ksim)» in order to obtain a ninth string 
(HCD'ciesim)! 

performing a seventh asymmetric cryptog- 
raphy operation of said ninth string 
(HCD'ciesim) with said first public key (Pb- 
Kcie). in order to obtain said fourth string 
(HCDciesim)- 



Authentication method according to claim 2, where- 
in an "hashing" algorithm is applied to the result of 
said first operation (CDciEsiM.CD^ciEsrivi) and to the 
result of said third operation (CDciesim)- 

Authentication method according to claim 2 or 3, 
wherein said second operation is performed by said 
smart card (4) and said third operation is performed 
by said computer (FS). 4o 



7. Authentication method according to claim 6, where- 
in said second operation is performed by said smart 
card (4), said fourth and fifth operations are per- 
formed by a microprocessor (12) of said apparatus 
(10), and said sixth and seventh operations are per- 
formed by said computer (FS). 

8. Authentication method according to claim 5, where- 
in: 



Authentication method according to claim 1 , where- 
in said first coding method and said first decoding 
method provide for the use of a second private key 
(PrKsiM) and of a second public key (PbKs,|^). 4S 



said second coding method consists in a first 
operation of concatenation of said first string 
(CDcie) with said identifying string (IDqim); 
said first coding method consists In the steps of: 



Authentication method according to claim 5, 
wherein : 

said second coding method consists in a first so 
operation of concatenation of said first string 
(CDcje) with said first identifying string (IDqivi); 
said first coding method consists in the steps of: 

performing a second asymmetric crypto- ss 
graphic operation of the result of said first 
operation (HCDciesim) with said first pri- 
vate key (PrKciE), in order to obtain a fifth 



performing a second asymmetric crypto- 
graphic operation of the result of said first 
operation (HCDqiesim) with said first pri- 
vate key (PrKcE), in order to obtain a fifth 

string (HCD'ciesim): 

performing a third asymmetric crypto- 
graphic operation of said fifth string 
(HCD'ciesim) with said second private key 
(P''Ksim). in order to obtain said second 
string (HCD"ciesim): 

and said first decoding method consists in the 
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steps of: 

performing a fourth asymmetric crypto- 
graphic operation of said second string 
(HCD"ciesim) with said second public key 5 
(PbKsiM), in order to obtain a seventh 
string (HCD'ciesim); 

performing a fifth asymmetric cryptograph- 
ic operation of said seventh string 
(HCD ciesim) with said first public key (Pb- io 
Kcie). order to obtain said fourth string 

(HCDq,£sim)- 

9. Authentication method according to claim 8, where- 
in said second operation is performed by said smart ^5 
card (4), said third operation is performed by a sec- 
ond computer (TP) and said fourth and fifth opera- 
tions are performed by said computer (FS). 

10. Authentication method according to any of the 20 

claims 6 to 9, wherein an "hashing" algorithm is ap- 
plied to the result of said first operation (CDciesim)- 

11. User authentication method performed by a com- 
puter (FS) by means of a device for storing data 25 
comprising the steps of: 

arranging a smart card (4) wherein a first 
private key (PrKd^) and a. digital certificate 
(CDcie) containing the first public key (PbKciE) 
corresponding to said first private key (PrKciE) 
are stored; 

arranging a device (6) for storing data; 
obtaining an identifying string (IDqim; ^''^siM' 
PbKsiis/i) of said device (6) for storing data; 35 
arranging two coding methods and two 
decoding methods, said first coding method 
providing for the use of said first private key 
(PrKciE) and said first decoding method 
providing for the use of said public key (PbKciE) 
corresponding to said private key (PrKQi^), said 
second coding method and said second 
decoding method providing for the use of said 
identifying string (IDsi^; PrKsiM. P^Kqim); 
applying in succession said first/second coding 45 
method and said second/first coding method to 
a first string (CDcie) containing said public key 
(PbKciE). in order to obtain a second string 

(HCD"ciEil^CD'ciE_XOR)i 

storing said first string (CDqie), said second 50 
string (HCD*'cie;HCD'cie_xor) said identi- 
fying string (IDsim; P^Ksim, PbKsjw), in a mem- 
ory (13) accessible to said computer (FS); 
putting said device (6) for storing data into com- 
munication with said computer (FS); ^5 
applying to said second string (HCD^ciE' 
HCD'ciE xor) said second/first decoding meth- 
od, in order to obtain a third string (HCD cie)'. 




applying to said third string (HCD cie;HCD'cie) 
said first/second decoding method, in order to 
obtain a fourth string (HCD*cie)» 
comparing said first string (H CDcie) ^'^^ said 
fourth string (HCD*cie) a"^' ^^se of identity, 
informing the computer (FS) that said device (6) 
for storing data has been necessarily obtained 
by said smart card (4). 

12. Authentication method according to claim 11, 
wherein: 

said second coding method consists in a first 
asymmetric cryptographic operation of said first 
string (CDcie) With said second public key (Pb- 

*^SIIVl)" 

said first coding method consists in a second 
asymmetric cryptographic operation of the re- 
sult of said first operation (HCD'cie) with said 
first private key (PrKciE)l 
said first decoding method consists in the steps 
of: 

f 

generating a first random number (CH); 
creating from the first random number (CH) 
a fifth string (CH*) by means of an asym- 
metric cryptographic operation with- said 
second public key (PbKsiM)l 
performing a third asymmetric cryptogra- 
phy operation of said fifth string (CH') with 
said second private key (PrKsiM)» thereby 
obtaining a second random number (CH*); 
generating, by means of an "hashing" al- 
gorithm on said second random number 
(CH*), a sixth string (S) that Is concatenat- 
ed with itself more times until its length (Lg) 
is equal to the length (Lhcd"CIe) of said sec- 
ond string (HCD"cie); 
generating a seventh string (HCD"cie_xor) 
obtained by performing a first logic opera- 
tion XOR between said second string 
(HCD"cie) and said sixth string (S); 
generating, by means of an "hashing" al- 
gorithm on said second random number 
(CH), an eight string (T) that is concatenat- 
ed with itself more times until its length (L^-) 
is equal to the length (Lhcd-cie_xor) ^f 
said seventh string (HCD"cie_xor)' 
performing a second logic operation XOR 
between said seventh string (HCD" 
ciE xor) said eight string (T), thereby 
obtaining a string that corresponds to said 
third string (HCD'cie); 
performing a fourth asymmetric crypto- 
graphic operation on said third string 
(HCD'cfE) with said first private key 
(PbKcE); 
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and said second coding method consists in the 
steps of : 

performing a fifth asymmetric cryptograph- 
ic operation on the result of said fourth op- 5 
eration (HCD cie) with said second public 
key (PbKsiM), thereby obtaining said fourth 
string (HCD*cie)- 

13. Authentication method according to claim 12, io 
wherein said storing device (6) is provided with a 
microprocessor. 

14. Authentication method according to claim 13, 
wherein said second operation is performed by said is 
smart card (4), said third operation and said first log- 
ic operation are performed by said storing device 
(6) or by the mobile phone (10), and said fourth and 
fifth operations together with said second logic op- 
eration are performed by said computer (FS). 20 

15. Authentication method according to claim 11, 
wherein: 

said first coding method consists in performing 25 
a first asymmetric cryptographic operation of 
said first string with said first private key, in or- 
der to obtain a fifth string (HCD'ce); 
said second coding method consists in the 
steps of: 30 

concatenating said identifying string 
('Dsim) with itself until a sixth string (S) of 
length (Lg) equal to the length (Lhcd'cie) of 
said fifth string (HCD cie) is obtained; 35 
performing a first logic operation XOR be- 
tween said fifth string (HCD'cie) and said 
sixth string (S) for obtaining a string that 
corresponds to said second string 
(HCDcie_xor); "^o 

said second decoding method consisting in the 
steps of: 

concatenating said identifying string 45 
('^sim) with itself until a seventh string (T) 
of length (L-p) equal to the length of said 
second string (Lhcd'cie^xor) 's obtained; 
performing a second logic operation XOR 
between said second string (HCD'cie xor) 
and said seventh string (T), in order to ob- 
tain an eight string (HCDcie); 

said first decoding method consists in perform- 
ing a second asymmetric cryptographic opera- 55 
tion of said eight string (HCD'ce) with said first 
public key (PbKcE), in order to obtain a string 
that corresponds to said fourth string 
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(HCD*cie). 

16. Authentication method according to claim 15, 
wherein said first operation Is performed by said 
smart card (4) and said second operation together 
with said two logic operations are performed by said 
computer (FS). 

17. Authentication method according to any of the 
claims 11 to 16. wherein said first string is a string 
to which an "hashing" algorithm has been applied. 

18. Authentication method according to any of the 
claims from 1 to 4 and from 11 to 13, wherein said 
memory accessible to said computer (FS) is a mem- 
ory (8) contained in said device (6) for storing data. 

19. Authentication method according to any of the 
claims 1 ,5,6,7,10 wherein said memory accessible 
to said computer (FS) is a memory (14) contained 
in a microprocessor (1 2) of said communication ap- 
paratus (10). 

20. Authentication method according to any of the 
claims 1,5,8,9,10 wherein said memory accessible 
to said computer (FS) is a memory (11) contained 
in a second computer (TP). 

21. Authentication method according to any of the 
claims 1 1 , 1 4, 1 5, 1 6, 1 7 wherein said memory acces- 
sible to said computer (FS) is a memory (13) con- 
tained in said computer itself (FS). 

22. Authentication method according to any of the pre- 
ceding claims, wherein said first string is the digital 
certificate (CDcie) stored in said smart card (4). 

23. Authentication method according to claim 22, 
wherein at the end of said authentication method, it 
is provided to verify the validity of said digital certif- 
icate (CDcie) ^ remote computer (CRL) dispos- 
ing of a list of the certificates revoked by the certifi- 
cation authority (CA), said authority being identified 
through said digital certificate (CDcie), anci only if 
said digital certificate (CDcie) 's valid, the computer 
(FS) is informed that it is possible to provide for 
some services. 

24. Authentication method according to claim 23, 
wherein said remote computer (CRL) is the compu- 
ter of the certification authority (CA). 

25. Authentication method according to any of the pre- 
ceding claims, wherein said device (6) for storing 
data is Intended to be used in a communication ap- 
paratus (10). 

26. Authentication method according to any of the pre- 
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ceding claims, wherein said communication appa- 
ratus (10) is a mobile phone. 

27. Authentication method according to any of the pre- 
ceding claims, wherein said device (6) for storing 
data is a second smart card. 

28. Device for obtaining a device (6) for storing data to 
be used in the authentication method as claimed in 
the claims from 1 to 27 starting from a smart card 
(4) wherein a first string (CDcie) containing a public 
key (PbKciE) and a private key (PrKciE) corre- 
sponding to said public key are stored, said smart 
card (4) being usable for authenticating a user by 
means of a computer (FS), said device (1 ) compris- 
ing reading means of said smart card (4), reading/ 
writing means of said device (6) for storing data and 
data processing means, characterised In that said 
data processing means generate a second string 

(HCDciEsiMiHCD"ciEJ'^CD"ciEsiM". HCD'cie_xor) 
associated to said first string (CDcie). ^'^^ store said 
second string (HCD ciesim;HCD"c,e;HCD"ciesim; 
•^CD'ciE xor)' together with an identifying string 
('DsiM' PbKsiM. PrKsiM)of said device (6) for storing 
data, in a memory accessible (8;11;13;14) to said 
computer (FS). 



10 



15 



20 



25 



35. Device for storing data to be used in the authenti- 
cation method as claimed in the claims from 1 to 27, 
wherein are stored a first string (CDcie) containing 
a public key (PbKciE). an identifying string (IDgiM; 
Pb^^siM' P''^sim) said smart card and a second 
string (HCDciesim;HCD"cie;HCD"ciesim;HCD' 
ciE xor) obtained by applying in succession to said 
first string (CDcie) two coding methods, wherein 
one of said two coding methods uses the private 
key (PrKciE) associated to said public key (PbKdE). 
and the other of said two coding methods uses said 
identifying string (IDs,m; PbKs,M, PrKs,M)- 

36. Device for storing data according to claim 35, char- 
acterised in that said device is a smart card (6). 



29. Device according to claim 28, characterised in 
that, for obtaining said second string (HCD ciesimJ 
HCD"c,e:HCD"ciesim; HCD'cie_xor) ^^^^ said first 30 
string (CDcie) a f'rst coding method using said first 
private key (PrKciE) and a second coding method 
using said identifying string (IDs,^^; PbKgiM. PrKsiivi) 

or vice versa are applied in succession. 

35 

30. Device according to one of the claims 28 or 29, 
characterised In that said memory accessible to 
said computer (FS) is a memory (8) contained in 
said device (6) for storing data. 

40 

31. Device according to one of the claims 28 or 29, 
characterised In that said memory accessible to 
said computer (FS) is a memory "(13) contained in 
said computer (FS). 

45 

32. Device according to one of the claims 28 or 29, 
characterised in that said memory accessible to 
said computer (FS) is a memory (11) contained in 
a second computer (TP). 

50 

33. Device according to one of the claims 28 or 29, 
characterised in that said memory accessible to 
said computer (FS) is a memory (14) contained in 
a microprocessor (12). 

55 

34. Device according to one of the claims 28 to 33, 
characterised In that said first string is said digital 
certificate (CDqie). 
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